Financial service companies face a lot of regulations.

First, they have to contend with numerous federal guidelines, such as the Sarbanes-Oxley Act. After those guidelines, they have to then meet state regulations, such as the California Consumer Privacy Act. And after that, they have to abide by rules imposed overseas, some of which impose hefty penalties on violators.

That is not all. Financial service companies must meet these standards while still delivering a good customer experience.

A checklist for addressing these challenges goes a long way. Luckily, we have provided one below to help your company get started on meeting those challenges.

1. Develop Cyber Security Policies That Meet US Compliance Standards

Cyber security receives substantial media attention because a security breach often results in the loss of confidential information for millions of consumers. Thieves specifically target financial service companies because the collection and storage of consumer data is a key part of the industry. In fact, thieves target the financial service industry 300 times more frequently than other industries. In 2018, companies within the financial service industry experienced 819 incidents of cyber crime, a sharp increase over 2017. For instance, in 2018, Capital One experienced the loss of information for 1.2 million American and Canadian customers, while a First American data breach exposed the confidential data of another 885 million customers.

Large security breaches not only make headlines but cost corporations millions of dollars due to lawsuits, fines from regulatory agencies, required technology upgrades, and damage to consumer confidence.  

Investigations routinely conclude that businesses could have prevented most security breaches. Yet companies continue to grapple with the best way to mitigate a cyber security attack within the constraints of the company budget.

2. Institute Data Protection Requirements that Address US Compliance Standards

Data protection involves more than creating policies and procedures to protect online portals. Financial service companies also collect and store vast amounts of consumer data on computers and digital devices as well as in file cabinets and office drawers. While cyber theft receives the most attention, thieves, both inside and outside the company, can break into offices and steal confidential information that is not appropriately safeguarded.

Every year businesses lose $50 billion to employee theft. Internal security breaches cause 33% of all business bankruptcies with a median loss of $175,000, making it essential for companies to protect data and assets in both cyber and physical environments.

One popular way companies seek to protect physical data is through a paperless office. The reality is, however, that customers still demand the use of paper, and employees print out more documents than ever before. It is not enough to have computer systems to capture confidential data. Companies must actively control access to every office, electronic device, desk drawer, and file cabinet containing confidential or proprietary information.

New technologies, like Senseon, allow managers to not only control access but to track and monitor employee activity. Systems that log entry and exits can reduce shrinkage, be the link to preventing internal theft, and provide essential information when prosecution becomes necessary.  

Other features of access control systems that add layers of security protection and can reduce losses include auto re-locking, delayed opening, and multi-card authentication requirements. Combining these controls with an audit trail can also strengthen physical security measures without significantly increasing costs.

3. Meet the Challenge of Global Compliance

Whether a company has a single office in Kansas City or operates a global corporation, international laws can impact the business. In addition to federal regulations, corporations must consider any applicable compliance directives and international laws to avoid steep fines and fees associated with non-compliance.

For example, in May 2018, the General Data Protection Regulation, otherwise known as the GDPR, went into effect throughout Europe. Although the law directly affects companies operating within the European Union, the regulation has far-reaching effects because it applies to any company that does business with, markets to, or reaches citizens within the European Union. If a company sells a product, collects email addresses, or uses cookies to track consumer interactions on a website, the GDPR probably applies.

As the internet continues to dissolve commercial borders, this EU regulation becomes applicable to more US companies, even if they do not directly market to citizens in Europe.

4. Address State-Level Requirements

Compliance regulations vary across each state in the US. Therefore, businesses located in or doing business in a state must be careful to follow the laws within that state. When comparing state and federal regulations, typically the most stringent laws apply.

State lawmakers have recently looked to the more stringent international consumer protection laws when writing and enacting new regulations, which impact how companies collect, protect, and use consumer data. For instance, in 2018, California passed a law similar to the GDPR, strengthening consumer rights with regard to the use and storage of data held by companies. 

Today, businesses of all sizes must comply with federal, state, and international regulations when collecting, maintaining, using, and selling personal data provided by consumers. 

5. Bridge the Gap Between Policies and Operations

Lastly, companies must bridge the gap between written policies and employee behaviors. It is one thing to create policies and procedures that address and mitigate the risk of a physical or cyber-attack. It is another to instill daily procedures, built into business operations, ensuring every employee follows the company policy, every time.  

Identifying the gaps between written policies and everyday practices can help companies uncover vulnerabilities. It might be employees sharing computer passwords, failing to reset a video feed, or leaving desk drawers containing cash or confidential data unlocked.

Regardless of the reason for the security failure, regulatory agencies hold the company accountable and liable for a security breach, even when written procedures are in place.

Final Thoughts

Successful companies take a holistic approach to security by installing integrated systems, using cross checks, and ensuring all employees follow both cyber and physical security protocols.

Securing offices and online platforms in 2020 will require a rigorous assessment of security risks and an update to internal procedures in order to keep up with changing laws. But good planning can go a long way in meeting those challenges.  

Companies like Senseon have a dedicated team to help you review existing procedures and develop ways to automate your physical security processes, thereby reducing human error and mitigating your risk of a physical security breach. Learn more about how Senseon can protect your business.